Add "rootspec" hooks. These hooks add a generic mechanism for
devices to advertise extra root device choices. Use these to
replace wedge-specific code in sys/kern/kern_subr.c .
XXX todo: rootspec configuraton can be unloaded after the root
filesystem is mounted, and rootspechook_establish() calls after
the root filesystem is mounted could then be a no-op.
Thanks riastradh@, mlelstv@ and chs@ for reviews and comments.
Add a cfattach device flag specifying that the device has no partitions.
Use this flag in the "dk" and "flash" drivers. The new device flag
can be checked with the device_has_partitions() function. Removes
device-specific knowledge about which devices have partitions from
sys/kern/kern_subr.c .
buf: updated to 1.70.0
1.70.0 - 2026-05-25
- Add LSP completion for `buf.gen.yaml`, `buf.yaml`, and `buf.policy.yaml` files.
- Fix LSP `textDocument/documentSymbol` marking every symbol as deprecated.
- Add error for when a dependency is added to `buf.yaml` and is missing from `buf.lock`.
- Update the `PROTOVALIDATE` lint rule support checking `NaN` in `const`, `in`, `not_in`,
`gt`, `gte`, `lt` and `lte` rules for `float` and `double` fields.
- Update the `PROTOVALIDATE` lint rule support to check `(buf.validate.message).oneof` rules
and make sure they are well-formed and valid.
vaultwarden: updated to 1.36.0
1.36.0
Security Fixes
This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
SSO Login CSRF
GHSA-pfp2-jhgq-6hg5
GHSA-w6h6-8r66-hcv7
User/Organization Enumeration
GHSA-hxqh-ff5p-wfr3
SSO existing-user binding
GHSA-j4j8-gpvj-7fqr
GHSA-6x5c-84vm-5j56
SSRF via Icon Endpoint
GHSA-72vh-x5jq-m82g
Some crate's updated and other minor security enhancements
[29 lines not shown]
py-cbor2: updated to 6.1.1
**6.1.1** (2026-05-14)
- Fixed ``cbor2.load()`` returning corrupted data for payloads exceeding 4096 bytes
**6.1.0** (2026-05-12)
- Added the ``allow_duplicate_keys`` parameter to :class:`CBORDecoder`, :func:`load` and
:func:`loads` (default: ``True``). When set to ``False``, a :exc:`CBORDecodeError` is raised
upon encountering a duplicate key within the same map.
- Added support for decoding from any object supporting the buffer API (e.g. ``memoryview`` or
``bytearray``) in addition to ``bytes``
- Fixed compatibility issues with 32-bit systems
(math/R-RcppArmadillo) Updated 14.2.3.1 to 15.2.6.1
(pkgsrc)
- Fix build against R 4.6.0
by adding patch for /usr/lib/execinfo for "backtrace_symbols"
- configure claims gcc-7.5 is too old
(upstream)
News for Package 'RcppArmadillo'
Changes in RcppArmadillo version 15.2.6-1 (2026-04-20):
* Upgraded to Armadillo release 15.2.6 (Medium Roast Deluxe)
* Ensure internally computed tolerances are not 'NaN'
* The 'rmultinom' deploys 'Kahan summation' as R-devel does
now.
Changes in RcppArmadillo version 15.2.5-1 [github-only] (2026-04-18):
[149 lines not shown]
moused.8: emphasize that this is the _serial_ mouse daemon
NetBSD now has multiple "mouse daemons" (see wsmoused(8)) and the
some of the assumptions from the past no longer hold - make it very
super obvious in the initial description that this isn't anything like
FreeBSD's moused.
gupnp: updated to 1.6.10
1.6.10 (stable)
Require GSSDP >= 1.6.5
- Context: Reuse allocated TCP socket from GSSDP Client
for web server
- Context: Do not leak GError in ACL handler
- Fix IPv6 host header validation
gssdp: updated to 1.6.5
1.6.5 (stabe)
- Block corresponding TCP socket when allocating UDP socket
1.6.4 (stable)
- Fix build path leaking into code
- Fix issues with Since: and Deprecated: declarations in documentation
1.6.3 (stable)
- Do not crash if socket receive fails
- Do not leak local address in SocketSource
py-mdit-py-plugins: updated to 0.6.1
0.6.1 - 2026-05-13
- FIX: Nested field lists incorrectly nesting inside parent containers
Field lists inside list items (or other indented containers) would recursively nest each field inside the previous one, instead of being siblings.
0.6.0 - 2026-05-07
- NEW: Add GFM autolink and composite GFM plugins
The `gfm_autolink` plugin implements [GFM autolink literals](https://github.github.com/gfm/#autolinks-extension-),
auto-linking URLs and email addresses without requiring angle brackets:
```markdown
Visit www.example.com or contact user at example.com
```
[15 lines not shown]
py-sphinxcontrib-phpdomain: updated to 0.15.2
0.15.2
* Removed usage of `pkg_resources` and converted to an implicit namespace package.
* Fixed build warnings related to license metadata.
0.15.1
* Tagged the wrong branch for 0.15.0
* Fixed missing build dep
0.15.0
* Expand compatibled version range for sphinx 9.x
py-sphinxcontrib-httpdomain: updated to 2.0.0
2.0.0
Breaking changes
Dropped support for Python 3.9 and older.
Switched to implicit (native) namespace for sphinxcontrib.
Major changes
Added support for Python 3.10 up to 3.14.
Adjusted a unit test regular expression for :file:`bottle_test.py`.
Use MDN documentation for information about HTTP status codes instead of w3.org.
Added :addtoc: option for http directives to register HTTP API endpoints and display them in the page-level table of contents.
Internal
Added Dependabot configuration.
[16 lines not shown]
py-uvicorn: updated to 0.48.0
0.48.0
Changed
Default ssl_ciphers to None and use OpenSSL defaults
Fixed
Ignore duplicate forwarding headers in ProxyHeadersMiddleware
py-httptools: updated to 0.8.0
0.8.0
Add http-parser and llhttp licenses into the wheels
Mark cython module as free-threading compatible
Fix all typing issues
Bump llhttp to 9.4.1
Security: fix URL truncation issue
Allow building with latest setuptools
